CorsBuilder
in package
A builder object that assists in defining Cross Origin Request related headers.
Each of the methods in this object provide a fluent interface. Once you've
set all the headers you want to use, the build() method can be used to return
a modified Response.
It is most convenient to get this object via Request::cors().
Tags
Table of Contents
Properties
- $_headers : array<string, mixed>
- The headers that have been queued so far.
- $_isSsl : bool
- Whether the request was over SSL.
- $_origin : string
- The request's Origin header value
- $_response : MessageInterface
- The response object this builder is attached to.
Methods
- __construct() : mixed
- Constructor.
- allowCredentials() : $this
- Enable cookies to be sent in CORS requests.
- allowHeaders() : $this
- Allowed headers that can be sent in CORS requests.
- allowMethods() : $this
- Set the list of allowed HTTP Methods.
- allowOrigin() : $this
- Set the list of allowed domains.
- build() : MessageInterface
- Apply the queued headers to the response.
- exposeHeaders() : $this
- Define the headers a client library/browser can expose to scripting
- maxAge() : $this
- Define the max-age preflight OPTIONS requests are valid for.
- _normalizeDomains() : array<string|int, mixed>
- Normalize the origin to regular expressions and put in an array format
Properties
$_headers
The headers that have been queued so far.
protected
array<string, mixed>
$_headers
= []
$_isSsl
Whether the request was over SSL.
protected
bool
$_isSsl
$_origin
The request's Origin header value
protected
string
$_origin
$_response
The response object this builder is attached to.
protected
MessageInterface
$_response
Methods
__construct()
Constructor.
public
__construct(MessageInterface $response, string $origin[, bool $isSsl = false ]) : mixed
Parameters
- $response : MessageInterface
-
The response object to add headers onto.
- $origin : string
-
The request's Origin header.
- $isSsl : bool = false
-
Whether the request was over SSL.
allowCredentials()
Enable cookies to be sent in CORS requests.
public
allowCredentials() : $this
Return values
$thisallowHeaders()
Allowed headers that can be sent in CORS requests.
public
allowHeaders(array<string|int, string> $headers) : $this
Parameters
- $headers : array<string|int, string>
-
The list of headers to accept in CORS requests.
Return values
$thisallowMethods()
Set the list of allowed HTTP Methods.
public
allowMethods(array<string|int, string> $methods) : $this
Parameters
- $methods : array<string|int, string>
-
The allowed HTTP methods
Return values
$thisallowOrigin()
Set the list of allowed domains.
public
allowOrigin(array<string|int, string>|string $domains) : $this
Accepts a string or an array of domains that have CORS enabled.
You can use *.example.com wildcards to accept subdomains, or * to allow all domains
Parameters
- $domains : array<string|int, string>|string
-
The allowed domains
Return values
$thisbuild()
Apply the queued headers to the response.
public
build() : MessageInterface
If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.
Return values
MessageInterface —A new instance of the response with new headers.
exposeHeaders()
Define the headers a client library/browser can expose to scripting
public
exposeHeaders(array<string|int, string> $headers) : $this
Parameters
- $headers : array<string|int, string>
-
The list of headers to expose CORS responses
Return values
$thismaxAge()
Define the max-age preflight OPTIONS requests are valid for.
public
maxAge(string|int $age) : $this
Parameters
- $age : string|int
-
The max-age for OPTIONS requests in seconds
Return values
$this_normalizeDomains()
Normalize the origin to regular expressions and put in an array format
protected
_normalizeDomains(array<string|int, string> $domains) : array<string|int, mixed>
Parameters
- $domains : array<string|int, string>
-
Domain names to normalize.